Microsoft says that users who enable multi-factor authentication (MFA) for their accounts will end up blocking 99.9% of automated attacks.

Ongoing phishing campaign can hack you even when you’re protected with MFA Campaign that steals email has targeted at least 10,000 organizations since September.

A devious new phishing technique allows attackers to bypass MFA by secretly having victims log in to their accounts directly on attacker-controlled servers using VNC.

Lapsus$ and the group behind the SolarWinds hack have utilized prompt bombing to defeat weaker MFA protections in recent months.